[leaf-user] Some stupid question (IPSec VPN)

2005-03-11 Thread Jaime Nebrera
  Hi all,

  Just a fast stupid question.

  I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I
need an ipsec device for each one? From memory, default kernel comes
with 4 of such devices, do you need to recompile to get more?

  Also, on this same machine I want to establish a Roadwarrior - LAN
scenario with around 10 users. Again, do I need an ipsec device for each
one?

  Very thankful in advance.

PS.- Yes, I know I should ask in OpenSwan list, but I'm already
subscribed to a lot of lists and don't want to subscribe to a new one
just for one question :)

-- 
Jaime Nebrera - [EMAIL PROTECTED]



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] Some stupid question (IPSec VPN)

2005-03-11 Thread Nathan Angelacos
On Friday 11 March 2005 10:58, Jaime Nebrera wrote:
> Hi all,
>
> Just a fast stupid question.


Fast stupid answer: From my experience, ipsec[n] gets mapped to a physical 
interface; so as long as you don't have ~20 gateways to the Internet, you 
should be fine.   If your home office lan has 1 gateway to the internet, 
you will end up using only ipsec0 for all 30 (20 lan + 10 rw) connections.


> I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I
> need an ipsec device for each one? From memory, default kernel comes
> with 4 of such devices, do you need to recompile to get more?
>
> Also, on this same machine I want to establish a Roadwarrior - LAN
> scenario with around 10 users. Again, do I need an ipsec device for each
> one?
>
> Very thankful in advance.
>
> PS.- Yes, I know I should ask in OpenSwan list, but I'm already
> subscribed to a lot of lists and don't want to subscribe to a new one
> just for one question :)






Re: [leaf-user] Some stupid question (IPSec VPN)

2005-03-11 Thread Fabrice Theoleyre
Hi Jaime,
I have not many occasions to help, so .
Jaime Nebrera wrote:
> Hi all,
> Just a fast stupid question.
> I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I
> need an ipsec device for each one? From memory, default kernel comes
> with 4 of such devices, do you need to recompile to get more?

If I commit no error, an ipsec device is associated to a network
interface (ppp0, or eth0).
You must define several ipsecN interfaces only if you use several
network interfaces (and this case is seldom...)
So, in your case, if you use the eth0 interface for the Internet
connection, you can set up several ipsec tunnels only through the ipsec0
device.

> Also, on this same machine I want to establish a Roadwarrior - LAN
> scenario with around 10 users. Again, do I need an ipsec device for each
> one?

Here, I am certain: with roadwarrior clients, only one ipsec device is
needed.

> Very thankful in advance.
> PS.- Yes, I know I should ask in OpenSwan list, but I'm already
> subscribed to a lot of lists and don't want to subscribe to a new one
> just for one question :)
 

Fabrice


Re: [leaf-user] Some stupid question (IPSec VPN)

2005-03-11 Thread Charles Steinkuehler
Jaime Nebrera wrote:
> Hi all,
> Just a fast stupid question.
> I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I
> need an ipsec device for each one? From memory, default kernel comes
> with 4 of such devices, do you need to recompile to get more?

As mentioned, you need one ipsec device per physical interface used with
OpenSwan.  You shouldn't need more than one unless you've got multiple
upstream links to various ISPs.

> Also, on this same machine I want to establish a Roadwarrior - LAN
> scenario with around 10 users. Again, do I need an ipsec device for each
> one?

No.  But you do need to be careful about how you arrange your IPSec
infrastructure.  You'll want to stay away from pre-shared-secrets (which
dramatically limit your options in setting up road-warrior connections with
different settings) and instead use RSA keys or certificates, which allow
unique per-client settings (as well as much better security, since you don't
have the same secret shared between ~10 people...as Benjamin Franklin said,
"Three may keep a secret if two of them are dead" :-).

--
Charles Steinkuehler
[EMAIL PROTECTED]
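
The advice in this thread, as an added Openswan configuration sketch that is not from any of the posters: a single `ipsec0` bound to the one Internet-facing interface carries every tunnel, and road warriors authenticate with per-user certificates rather than a shared secret. All addresses, subnets, IDs and file names are constructed placeholders, and the commented-out section at the end is the shared-PSK arrangement the last reply advises against.

```conf
# /etc/ipsec.conf (constructed example; every value is a placeholder)
config setup
    # One KLIPS device per Internet-facing interface, not per tunnel.
    interfaces="ipsec0=eth0"

conn %default
    # Gateway side, inherited by every connection below.
    left=192.0.2.1
    leftsubnet=192.168.1.0/24
    # RSA signatures everywhere: no secret is shared between peers.
    authby=rsasig

# LAN-to-LAN: one section like this per remote site (~20 in the question),
# all of them using the same ipsec0.
conn site-a
    leftid=@gateway.example
    leftrsasigkey=<gateway-public-key>
    right=198.51.100.10
    rightid=@site-a.example
    rightsubnet=10.1.0.0/24
    rightrsasigkey=<site-a-public-key>
    auto=start

# Road warrior: one section per user, matched on the certificate subject,
# so each user can get different settings and be revoked individually.
conn rw-alice
    leftcert=gateway.pem
    leftrsasigkey=%cert
    right=%any
    rightid="C=XX, O=Example, CN=alice"
    rightrsasigkey=%cert
    auto=add

# Arrangement the reply warns against: with right=%any and authby=secret
# the gateway cannot tell callers apart by address, so all ten road
# warriors end up holding the same pre-shared secret.
#
# conn rw-shared
#     right=%any
#     authby=secret
#     auto=add
#
# /etc/ipsec.secrets for that case:
#     192.0.2.1 %any : PSK "<one secret on every laptop>"
#
# /etc/ipsec.secrets for the certificate setup above:
#     : RSA gateway.key "<key passphrase>"
```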